Re: On classifying attacks

• Previous message: Martin Schulze: "[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability"
• In reply to: Derek Martin: "Re: On classifying attacks"
• Next in thread: James Longstreet: "Re: On classifying attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 17 Jul 2005 11:41:54 +0200
To: Derek Martin <code@pizzashack.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 16 Jul 2005 12:40:29 -0400, Derek Martin <code@pizzashack.org> wrote:

> It seems to me your statement can't be correct, because this is ALWAYS
> the case. A local exploit requires that a local user run an
> executable. A remote exploit requires that a local user run an
> executable, even if that is accomplished merely by booting the system.
> All exploits require running code, and code doesn't magically start
> itself... Running code is required, because it is the very running
> code which is being exploited.

Maybe so, however with the case of the BIND attack, the vulnerability in
locally running code (named) is being exploited by a remote attacker via the
network.

In the case of an e-mail containing malicious code, the code being exploited
(parts of the Windows kernel or whatever) is being attacked by code running
locally - on the *same* machine. In this sense it can hardly qualify as a
"remote" exploit.

- --
G. Stewart - gstewart@spamcop.net

A lot of money is tainted. 'Taint yours and 'taint mine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC2ifiK5oiGLo9AcYRAswqAJ9lPxLOVO45WpnKxWEYva41HSbnrwCfdkGT
fEc+qbBBB4LKkzeR5bKMikg=
=yzAH
-----END PGP SIGNATURE-----

• Previous message: Martin Schulze: "[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability"
• In reply to: Derek Martin: "Re: On classifying attacks"
• Next in thread: James Longstreet: "Re: On classifying attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]